search for: appdata_ptr

....h" -#include "packet.h" #include "xmalloc.h" -#include "dispatch.h" #include "log.h" +#include "monitor_wrap.h" -static int do_pam_conversation_kbd_int(int num_msg, - const struct pam_message **msg, struct pam_response **resp, - void *appdata_ptr); -void input_userauth_info_response_pam(int type, u_int32_t seqnr, void *ctxt); - -struct { - int finished, num_received, num_expected; - int *prompts; - struct pam_response *responses; -} context_pam2 = {0, 0, 0, NULL}; - -static struct pam_conv conv2 = { - do_pam_conversation_kbd_int, - NULL, +s...

....h" #include "xmalloc.h" -#include "dispatch.h" #include "log.h" +#include "monitor_wrap.h" + +extern char *__progname; -static int do_pam_conversation_kbd_int(int num_msg, - const struct pam_message **msg, struct pam_response **resp, - void *appdata_ptr); -void input_userauth_info_response_pam(int type, u_int32_t seqnr, void *ctxt); - -struct { - int finished, num_received, num_expected; - int *prompts; - struct pam_response *responses; -} context_pam2 = {0, 0, 0, NULL}; - -static struct pam_conv conv2 = { - do_pam_conversation_kbd_int, - NULL, +s...

....h" #include "xmalloc.h" -#include "dispatch.h" #include "log.h" +#include "monitor_wrap.h" + +extern char *__progname; -static int do_pam_conversation_kbd_int(int num_msg, - const struct pam_message **msg, struct pam_response **resp, - void *appdata_ptr); -void input_userauth_info_response_pam(int type, u_int32_t seqnr, void *ctxt); - -struct { - int finished, num_received, num_expected; - int *prompts; - struct pam_response *responses; -} context_pam2 = {0, 0, 0, NULL}; - -static struct pam_conv conv2 = { - do_pam_conversation_kbd_int, - NULL, +s...

http://bugzilla.mindrot.org/show_bug.cgi?id=423 dtucker at zip.com.au changed: What |Removed |Added ---------------------------------------------------------------------------- OtherBugsDependingO| |627 nThis| | Status|NEW |ASSIGNED ------- Additional

...for missing const in PAM headers) AC_TRY_COMPILE([#include <security/pam_appl.h>], [ struct pam_conv *conv = NULL; struct pam_message *msg; struct pam_response *resp; conv->conv(1, &msg, &resp, conv->appdata_ptr); ], [ AC_MSG_RESULT(yes) DEFINES="$DEFINES -DPAM_CONV_CONST=" ], [ AC_MSG_RESULT(no) DEFINES="$DEFINES -DPAM_CONV_CONST=const" ]) CFLAGS=&...

...= RCS file: /var/cvs/openssh/auth-pam.c,v retrieving revision 1.34 diff -u -r1.34 auth-pam.c --- auth-pam.c 2001/03/27 06:12:24 1.34 +++ auth-pam.c 2001/03/30 16:46:12 @@ -41,6 +41,10 @@ static int do_pam_conversation(int num_msg, const struct pam_message **msg, struct pam_response **resp, void *appdata_ptr); +/* XXX: move to header file */ +const char * +get_remote_name_or_ip(void); + /* module-local variables */ static struct pam_conv conv = { do_pam_conversation, @@ -356,9 +360,9 @@ pam_retval, PAM_STRERROR(__pamh, pam_retval)); debug("PAM setting rhost to \"%.200s\"&q...

...e to be printed. I can't make pam_motd to work in the "session" section either. There's a section: message.msg_style=PAM_TEXT_INFO; message.msg="blahblah.."; pam_get_item(pamh,PAM_CONV,&conversation); conversation->conv(1,&pmessage,&resp,conversation->appdata_ptr); etc. but apparently its ignored by PAM, any ideas? __________________________________________________ Do you Yahoo!? Yahoo! Tax Center - File online, calculators, forms, and more http://tax.yahoo.com

...*resp = NULL; ctxt = data; + if ( ctxt == NULL ) + { + ctxt = sshpam_ctxt; + } if (n <= 0 || n > PAM_MAX_NUM_MSG) return (PAM_CONV_ERR); @@ -221,6 +228,7 @@ sshpam_conv.conv = sshpam_thread_conv; sshpam_conv.appdata_ptr = ctxt; + sshpam_ctxt = ctxt; buffer_init(&buffer); sshpam_err = pam_set_item(sshpam_handle, PAM_CONV, --- contrib/solaris/buildpkg.sh 2004/02/26 19:35:55 1.1.1.1 +++ contrib/solaris/buildpkg.sh 2004/02/27 00:27:00 @@ -18,14 +18,15 @@ # with a real OpenSSH packa...

..."$Id: auth-pam.c,v 1.12 2000/08/29 22:57:50 djm Exp $"); -#define NEW_AUTHTOK_MSG \ - "Warning: You password has expired, please change it now" - /* Callbacks */ static int pamconv(int num_msg, const struct pam_message **msg, struct pam_response **resp, void *appdata_ptr); @@ -175,11 +172,17 @@ pam_retval = pam_acct_mgmt((pam_handle_t *)pamh, 0); switch (pam_retval) { - case PAM_SUCCESS: + case PAM_SUCCESS: /* This is what we want */ break; - case PAM_NEW_AUT...

...me = t_str_new(256); + var_expand(username, module->username_format, + auth_request_get_var_expand_table(request, auth_request_str_escape)); + return str_c(username); +} + static int pam_userpass_conv(int num_msg, pam_const struct pam_message **msg, struct pam_response **resp_r, void *appdata_ptr) @@ -82,7 +95,7 @@ pam_userpass_conv(int num_msg, pam_const struct pam_message **msg, case PAM_PROMPT_ECHO_ON: /* Assume we're asking for user. We might not ever get here because PAM already knows the user. */ - string = strdup(ctx->request->user); + string = strdup(pam_...

A little problem, which is bugging me: when using PAM authentication, Dovecot (0.99.5) does not set the PAM_RHOST item, so the PAM modules cannot know who the client is. We need this for some PAM module doing access control. Changing passdb-pam.c to pam_set_item it seems trivial, but I'm bugged as to how to get the client name from there. It seems not to be available in the auth_request

...{ pam_tty_conv, NULL }; + /* * XXX this should be done in the authentication phase, but ssh1 doesn't * support that @@ -669,15 +654,10 @@ pam_chauthtok_conv(int n, const struct p void do_pam_chauthtok(void) { - struct pam_conv pam_conv; - - pam_conv.conv = pam_chauthtok_conv; - pam_conv.appdata_ptr = NULL; - if (use_privsep) fatal("Password expired (unable to change with privsep)"); sshpam_err = pam_set_item(sshpam_handle, PAM_CONV, - (const void *)&pam_conv); + (const void *)&tty_conv); if (sshpam_err != PAM_SUCCESS) fatal("PAM: failed to set PAM_CO...

...trdup("Enter PIN:"); pmsg[i++] = &prompt_msg; retval = pam_get_item(pamh, PAM_CONV,(void *) &conv); if (retval != PAM_SUCCESS) return PAM_SYSTEM_ERR; retval = conv->conv (i,(CONST struct pam_message **)&pmsg,&resp, conv->appdata_ptr); if (retval != PAM_SUCCESS || resp == NULL) return PAM_SYSTEM_ERR; pin=strdup(resp->resp); free (resp); It works. For example rlogin shows string "Enter PIN:" and returns answer in resp->resp. Openssh works exactly the same, right way, if ...

...db_result result; int status, status2; + const struct var_expand_table *table; + string_t *username; + + struct passdb_module *_module = request->passdb->passdb; + struct pam_passdb_module *module = (struct pam_passdb_module *)_module; conv.conv = pam_userpass_conv; conv.appdata_ptr = &ctx; @@ -265,10 +283,15 @@ ctx.request = request; ctx.pass = password; - status = pam_start(service, request->user, &conv, &pamh); + username = t_str_new(256); + table = auth_request_get_var_expand_table(request, auth_request_str_escape); + var_expand(username, module->us...

...x40149ba0, nb=16) at malloc.c:2707 2707 malloc.c: No such file or directory. (gdb) where #0 0x400b0ef2 in chunk_alloc (ar_ptr=0x40149ba0, nb=16) at malloc.c:2707 #1 0x400b0e14 in __libc_malloc (bytes=8) at malloc.c:2651 #2 0x804ec58 in pamconv (num_msg=1, msg=0xbfffeca0, resp=0xbfffeca4, appdata_ptr=0x0) at auth-pam.c:43 #3 0x40019911 in __get_authtok () from /lib/security/pam_unix.so #4 0x40017a5d in pam_sm_authenticate () from /lib/security/pam_unix.so #5 0x4004f648 in pam_fail_delay () from /lib/libpam.so.0 #6 0x4004f9ce in _pam_dispatch () from /lib/libpam.so.0 #7 0x400512cc in pam_au...

...* + * OTHER mode handles PAM_PROMPT_ECHO_OFF with read_passphrase(prompt, 1) + * and outputs messages to stderr. This mode is used if pam_chauthtok() + * is called to update expired passwords. + */ static int pamconv(int num_msg, const struct pam_message **msg, struct pam_response **resp, void *appdata_ptr) { struct pam_response *reply; int count; + char buf[1024]; /* PAM will free this later */ reply = malloc(num_msg * sizeof(*reply)); if (reply == NULL) return PAM_CONV_ERR; - for(count = 0; count < num_msg; count++) { - switch (msg[count]->msg_style) { + for (count = 0; co...

In OpenSSH 3.6.1p2, pam_open_session() ran with a conversation function, do_pam_conversation(), that fed text to the client. In OpenSSH 3.7.1p2, this is no longer the case: session modules run with a conversation function that just returns PAM_CONV_ERR. This means that simple session modules whose job involves printing text on the user's terminal no longer work: pam_lastlog, pam_mail, and

...OK_MSG \ "Warning: Your password has expired, please change it now." -#define NEW_AUTHTOK_MSG_PRIVSEP \ - "Your password has expired, the session cannot proceed." static int do_pam_conversation(int num_msg, const struct pam_message **msg, struct pam_response **resp, void *appdata_ptr); @@ -186,12 +184,15 @@ pam_retval, PAM_STRERROR(__pamh, pam_retval)); } +/* HP-UX doesn't like credentials to be deleted. Skip and rely on pam_end() */ +#ifndef __hpux if (__pamh && creds_set) { pam_retval = pam_setcred(__pamh, PAM_DELETE_CRED); if (pam_retval != PA...

-----BEGIN PGP SIGNED MESSAGE----- Hi, I''ve got several replies, thank you for them. Let me summarize: o Many people say there is a PAMified version of ssh available at ftp://ftp.replay.com/pub/crypto/redhat/SRPMS (the source) ftp://ftp.replay.com/pub/crypto/redhat/i386 (Intel binaries) (there are analogous paths for the other architectures). The packages are made by Jan

...OK_MSG \ "Warning: Your password has expired, please change it now." -#define NEW_AUTHTOK_MSG_PRIVSEP \ - "Your password has expired, the session cannot proceed." static int do_pam_conversation(int num_msg, const struct pam_message **msg, struct pam_response **resp, void *appdata_ptr); @@ -186,12 +184,15 @@ pam_retval, PAM_STRERROR(__pamh, pam_retval)); } +/* HP-UX doesn't like credentials to be deleted. Skip and rely on pam_end() */ +#ifndef __hpux if (__pamh && creds_set) { pam_retval = pam_setcred(__pamh, PAM_DELETE_CRED); if (pam_retval != PA...